package com.day.cq.wcm.core.impl.servlets;

import com.adobe.granite.ui.components.HtmlResponse;
import com.adobe.granite.xss.XSSAPI;
import com.day.cq.i18n.I18n;
import com.day.cq.wcm.core.impl.CugUtils;
import java.io.IOException;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.sling.SlingServlet;
import org.apache.jackrabbit.api.security.authorization.PrincipalSetPolicy;
import org.apache.sling.api.SlingHttpServletRequest;
import org.apache.sling.api.SlingHttpServletResponse;
import org.apache.sling.api.servlets.SlingAllMethodsServlet;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

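/**
 * POST servlet that replaces the principal set of the closed-user-group (CUG)
 * policy at the requested resource path.
 *
 * <p>The servlet is registered for {@code sling/servlet/default} with the
 * {@code cugpolicy} selector and {@code conf} extension, so it is bound to every
 * resource type. The only authorization gate in this class is the
 * {@code modify_access_control} permission check against the request's own JCR
 * session; the policy is edited with that same session.
 *
 * <p>NOTE(review): no CSRF check is visible in this class. Presumably a platform
 * filter enforces it for this state-changing POST; confirm.
 *
 * <p>NOTE(review): submitted principal names are not resolved against a principal
 * manager here. Whether unknown names are rejected depends on the
 * {@code PrincipalSetPolicy} implementation; confirm.
 */
@SlingServlet(resourceTypes = {"sling/servlet/default"}, selectors = {"cugpolicy"}, extensions = {"conf"}, methods = {"POST"})
/* loaded from: input_file:com/day/cq/wcm/core/impl/servlets/CugPolicyServlet.class */
public class CugPolicyServlet extends SlingAllMethodsServlet {

    @Reference
    private XSSAPI xssAPI;
    private static final Logger log = LoggerFactory.getLogger(CugPolicyServlet.class);
    static final String PRINCIPAL_NAMES_PARAMETER = "principalNames";

    /**
     * Replaces the CUG principals at the request's resource path with the values of
     * the {@code principalNames} parameter.
     *
     * <p>Responses: 400 when the parameter is absent, 401 when the session lacks
     * {@code modify_access_control} on the path, 500 when no session or no CUG policy
     * is available or the repository reports an error, 200 otherwise. If every
     * submitted value is blank, an existing non-empty policy is removed.
     *
     * @param slingHttpServletRequest request whose resource path identifies the policy
     * @param slingHttpServletResponse response that receives the HTML status document
     * @throws IOException if the response cannot be written
     */
    protected void doPost(SlingHttpServletRequest slingHttpServletRequest, SlingHttpServletResponse slingHttpServletResponse) throws IOException {
        Session session = (Session) slingHttpServletRequest.getResourceResolver().adaptTo(Session.class);
        HtmlResponse htmlResponse = new HtmlResponse(this.xssAPI, new I18n(slingHttpServletRequest), slingHttpServletRequest.getLocale());
        String path = slingHttpServletRequest.getResource().getPath();
        String[] parameterValues = slingHttpServletRequest.getParameterValues(PRINCIPAL_NAMES_PARAMETER);
        if (parameterValues == null) {
            htmlResponse.setStatus(400, "Missing parameter: principalNames");
            htmlResponse.send(slingHttpServletResponse, true);
            return;
        }
        if (session == null) {
            // adaptTo() may return null; fail with a controlled response instead of an NPE.
            log.error("No JCR session available while editing the CUG policy for {}", path);
            htmlResponse.setStatus(500, "CUG policy can't be retrieved");
            htmlResponse.send(slingHttpServletResponse, true);
            return;
        }
        try {
            // Authorization gate: every policy edit below depends on this check.
            // 401 is kept for client compatibility, although 403 would describe an
            // authenticated-but-forbidden caller more accurately.
            if (!session.hasPermission(path, "modify_access_control")) {
                htmlResponse.setStatus(401, "Unauthorized to edit CUG policy");
                htmlResponse.send(slingHttpServletResponse, true);
                return;
            }
            AccessControlManager accessControlManager = session.getAccessControlManager();
            PrincipalSetPolicy cugPolicy = CugUtils.getCugPolicy(path, accessControlManager);
            if (cugPolicy == null) {
                log.warn("Can't retrieve CUG policy for {}", path);
                htmlResponse.setStatus(500, "CUG policy can't be retrieved");
                htmlResponse.send(slingHttpServletResponse, true);
                return;
            }

            Set<Principal> principals = cugPolicy.getPrincipals();
            // Record the previous state before mutating the policy, so the
            // "remove policy" decision does not depend on getPrincipals()
            // returning a snapshot rather than a live view.
            boolean hadPrincipals = !principals.isEmpty();
            if (hadPrincipals) {
                cugPolicy.removePrincipals(principals.toArray(new Principal[0]));
            }

            ArrayList<Principal> requested = new ArrayList<Principal>();
            for (final String str : parameterValues) {
                // NOTE(review): blank values are skipped, but the name is stored
                // untrimmed, so surrounding whitespace becomes part of the principal name.
                if (!str.trim().isEmpty()) {
                    requested.add(new Principal() {
                        @Override // java.security.Principal
                        public String getName() {
                            return str;
                        }
                    });
                }
            }

            if (!requested.isEmpty()) {
                cugPolicy.addPrincipals(requested.toArray(new Principal[0]));
                accessControlManager.setPolicy(path, cugPolicy);
            } else if (hadPrincipals) {
                // No principals requested: drop the previously populated policy.
                accessControlManager.removePolicy(path, cugPolicy);
            }
            session.save();
            htmlResponse.setStatus(200, "CUG policy has been edited");
            htmlResponse.send(slingHttpServletResponse, true);
        } catch (RepositoryException e) {
            log.error("Error editing the CUG policy for {}", path, e);
            // Do not leave a half-applied policy edit pending on the request session.
            discardPendingChanges(session);
            // The exception detail stays in the server log; repository messages can
            // expose internal paths and state, so the client gets a generic message.
            htmlResponse.setStatus(500, "Error editing the CUG policy");
            htmlResponse.send(slingHttpServletResponse, true);
        }
    }

    /** Reverts unsaved changes on the session after a failed policy edit. */
    private static void discardPendingChanges(Session session) {
        try {
            if (session.hasPendingChanges()) {
                session.refresh(false);
            }
        } catch (RepositoryException e) {
            log.warn("Unable to discard pending changes after failed CUG policy edit", e);
        }
    }

    /** Binds the XSS API service used when building the HTML response. */
    protected void bindXssAPI(XSSAPI xssapi) {
        this.xssAPI = xssapi;
    }

    /** Clears the XSS API reference, but only if it is the instance currently bound. */
    protected void unbindXssAPI(XSSAPI xssapi) {
        if (this.xssAPI == xssapi) {
            this.xssAPI = null;
        }
    }
}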
